With experience in Information Security or related roles and a demonstrable interest in security, compliance, and risk management, you will support the CISO and Information Security Officers in undertaking a range of activities as part of the global Information Security team.
Roles & Responsibilities:
Security Consultancy / Project Risk Assessments:
- Engage on projects and programs outside of the Information Security Programme.
- Engage with different global information security teams while working on projects.
- Keep abreast of the latest industry trends, current attack techniques, and threat intelligence.
- Recommend improvements towards the maturity of the process.
- Recommend improvements for IS control effectiveness.
- Develop and maintain project risk management knowledge documentation.
- Support and maintain corporate project risk management mailbox.
- Support and maintain corporate global project risk management tracker.
- Analyze reports to identify potential issues related to data and propose solutions.
- Work with limited supervision to develop and implement regular improvements to the project risk assessment process.
- Perform other related duties as assigned.
- Deliver assigned elements of the security programme.
- Supporting new security tool implementation.
- Conduct review of security requirements for projects.
- Agree appropriate security controls for projects and assist business teams in the implementation phase.
- Produce risk statements of the compliance of projects against applicable controls and give approval advice for solutions to go live.
- Check evidence for security requirements where necessary.
- Connect with different information security teams as required by the projects.
Technical Skills & Education Qualification:
- Experience Band: 4 - 8 yrs.
- Qualified to degree level, preferably in a business, IT or security related subject.
- Information Security specific qualification (such as CISM, CISSP)
- OWASP top 10, penetration testing techniques.
- Knowledge of current and evolving vulnerabilities including prioritization of remediation
- Engage with the business to explain technical findings and communicate them effectively.
- Knowledge of current threats and evolving attack vectors.
- Knowledge of network security technologies, including but not limited to:
  - Reviewing firewall rules
  - Reviewing Security Architecture best practices
  - Knowledge of Cloud network implementation including Network Security Groups
  - Reviewing network security diagrams to advise on any improvements to security posture.